If you haven’t been following the story so far, DigiNotar, a Dutch certificate authority that provides SSL certificates, was breached by hackers. A compromised CA doesn’t exactly convey the level of trust one would want from a certificate authority.
The breach was first detected when a wildcard SSL certificate for *.google.com was issued: Chrome threw up an additional warning when an Iran native tried to check his Gmail, and he suspected it was a man-in-the-middle attack. That fraudulent certificate was quickly revoked by Google, Mozilla, and Microsoft. The CA confirmed the attack but seemed to keep people in the dark about the problem, and it was later exposed that the issue was far more expansive than originally assumed, with possibly over 500 fraudulent certificates issued targeting organizations like Mozilla, Yahoo!, WordPress, Microsoft, Twitter, Tor Project and others.
Forensic security company Fox-IT is investigating DigiNotar and the Dutch government has stepped in to investigate the incident management. You can read the highlights of Fox-IT’s report on ISC.
Get your systems up to date and stay alert for situations like these. The hacker claiming responsibility for the DigiNotar breach is the same one who breached Comodo previously. They recently claimed to have also breached GlobalSign and say they will show the results soon. The hacker responded to comments in another Pastebin submission, making very pro-Iran comments. Comodohacker on Pastebin further stated that they could issue Windows Updates.
While everyday users are unlikely to be directly affected by this breach, it is important to keep up to date any software that automatically trusts certificates signed by this breached CA. The following vendors have provided updates or instructions to remove the DigiNotar certificates from their products.
- Adobe Acrobat and Reader. Adobe also publishes its Adobe Approved Trust List with DigiNotar removed.
- Microsoft Update
- Mozilla Firefox and Thunderbird (manual removal instructions and then updates to 6.0.2)
- Google Chrome version 13.0.782.220